The researchers discovered a vulnerability on Google Photos app that has been fixed now. With this vulnerability, hackers can use Google Photos to track their location history. Ron Masas from Internet security company Imperva explained in a blog post that Google Photos has recently been vulnerable to browser-based timing attacks called Cross-Site Search (XS-Search), speculating access to a place or country through the use of image data.
In order for this attack to work, users must be directed to open malicious websites when logging in to Google Photos, and hackers must invest a certain amount of effort to attack, so this is not a ubiquitous risk. Researcher wrote,